On 3/29/17 11:52 AM, Mohanraj, Bharath wrote: > > Can you try replacing, > > > > --profile xccdf_org.ssgproject.content_profile_pci-dss > > > > With > > > > --profile xccdf_org.ssgproject.content_profile_pci-dss_with_ot >
+1 Remember to point OpenSCAP at the tailor file, not the original datastream. > > > *From:*[email protected] > [mailto:[email protected]] *On Behalf Of *Josh Moore > *Sent:* Wednesday, March 29, 2017 6:49 PM > *To:* [email protected] > *Subject:* [Open-scap] tailoring file not working > > > > I am working on creating a tailored PCI profile that accounts for > items covered by our provider. So I want to tailer the profile to > remove what I consider to be false positives. I have created the > tailoring file on my Mac desktop and copied it to my centos 7 test > machine. However, when I run the oscap command on the centOS server > the tailoring file is ignored. Any idea of what I am doing wrong? > > > > oscap xccdf eval --tailoring-file tailoring.xml --report report.html > --profile xccdf_org.ssgproject.content_profile_pci-dss > /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml > > > > Tailoring File content: > > <?xml version="1.0" encoding="UTF-8"?> > > <xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2 > <https://urldefense.proofpoint.com/v2/url?u=http-3A__checklists.nist.gov_xccdf_1.2&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=9rqddwDp15TZtPAQFqFc1Cfp3tmrR5nqYnTRme9xenk&e=>" > id="xccdf_scap-workbench_tailoring_default"> > > <xccdf:benchmark > href="/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml"/> > > <xccdf:version time="2017-03-29T09:09:14">1</xccdf:version> > > <xccdf:Profile > id="xccdf_org.ssgproject.content_profile_pci-dss_with_ot" > extends="xccdf_org.ssgproject.content_profile_pci-dss"> > > <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.w3.org_1999_xhtml&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=DKeXAv2csKLxOp4wSQI6DAH1VtLlOc0plYIVpTPuVVs&e=>" > xml:lang="en-US" override="true">PCI-DSS v3 Control Baseline for Red > Hat Enterprise Linux 7 [CUSTOMIZED]</xccdf:title> > > <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.w3.org_1999_xhtml&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=DKeXAv2csKLxOp4wSQI6DAH1VtLlOc0plYIVpTPuVVs&e=>" > xml:lang="en-US" override="true">This is a *draft* profile for PCI-DSS > v3</xccdf:description> > > <xccdf:select idref="xccdf_org.ssgproject.content_group_aide" > selected="false"/> > > <xccdf:select > idref="xccdf_org.ssgproject.content_group_smart_card_login" > selected="false"/> > > </xccdf:Profile> > > </xccdf:Tailoring> > > > Thanks, > > > > Josh Moore > > Chief Architect > > TarokoSoftware > > > > _______________________________________________ > Open-scap-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/open-scap-list -- Shawn Wells Chief Security Strategist U.S. Public Sector [email protected] | 443.534.0130
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
